Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1136
Views
0
Helpful
1
Replies

[ESA] Custom Log Fields per Syslog (CEF)

zubairgondal77@gmail.com
Level 1
Level 1

‎09-22-2021 06:54 AM

I am looking for a way to transmit Custom Log Fields via Syslog (CEF format).

Currently it seems that you can only transfer the default log fields:
But I would like to transfer additional log information, which I write e.g. via a content filter or message filter.
As a workaround it would be sufficient if I could see in the transmitted log which content filter is '"matched", but this is apparently not possible, because you can only see if a CF is matched (ESACFVerdict=MATCH).

Please let me know if there are possibilities.

 

 

Labels:
Preview file
81 KB
0 Helpful
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎12-08-2021 09:51 PM

This is being tracked under the below enhancement.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv65368

 

Regards,

Libin

0 Helpful
Customers Also Viewed These Support Documents